kanbloggawse.gb.net
104.129.25.9
Malicious Activity!
Public Scan
Effective URL: https://kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14...
Submission Tags: 7009991
Submission: On March 09 via api from NL
Summary
TLS certificate: Issued by R3 on March 1st 2021. Valid for: 3 months.
This is the only time kanbloggawse.gb.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BT (Telecommunication)

Domain & IP information

| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 15 | 104.129.25.9 | 8100 (ASN-QUADRANET-GLOBAL) |
| 1 | 2001:4de0:ac18::1:a:1b | 20446 (HIGHWINDS3) |
| 1 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET) |
| 2 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |

Totals: 21 requests, 6 IPs
ASN8100 (ASN-QUADRANET-GLOBAL, US)
- PTR: 104.129.25.9.static.quadranet.com
- kanbloggawse.gb.net

ASN13335 (CLOUDFLARENET, US)
- maxcdn.bootstrapcdn.com
- stackpath.bootstrapcdn.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | gb.net | kanbloggawse.gb.net (1 redirect) | 446 KB |
| 2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com | 26 KB |
| 1 | googleapis.com | ajax.googleapis.com | 29 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com | 6 KB |
| 1 | jquery.com | code.jquery.com | 23 KB |
| 0 | bt.com | secure.business.bt.com (Failed) | Failed |

Totals: 21 requests, 6 apex domains
| # | Domain | Requested by |
|---|---|---|
| 15 | kanbloggawse.gb.net (1 redirect) | kanbloggawse.gb.net |
| 1 | stackpath.bootstrapcdn.com | kanbloggawse.gb.net |
| 1 | ajax.googleapis.com | kanbloggawse.gb.net |
| 1 | maxcdn.bootstrapcdn.com | kanbloggawse.gb.net |
| 1 | cdnjs.cloudflare.com | kanbloggawse.gb.net |
| 1 | code.jquery.com | kanbloggawse.gb.net |
| 0 | secure.business.bt.com (Failed) | kanbloggawse.gb.net |

Totals: 21 requests, 7 domains
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| kanbloggawse.gb.net | R3 | 2021-03-01 - 2021-05-30 | 3 months | crt.sh |
| jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2021-02-17 - 2021-05-12 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/?Key=QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan&rand=13InboxLightaspxn_QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan_T0hBa1lCWk91VHVGcWFu-&2b31ffdb653eef0883909765127e46796afabc1e4a706b2f3a74bcdef0616342
Frame ID: CEEB7BB7DE173AA0DBB01CEADE24EF31
Requests: 21 HTTP requests in this frame
Detected technologies

Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://kanbloggawse.gb.net/fdsa/?ytbgvfdcrt3fcdsx=cr45676hytbvfcd (Page URL)
- https://kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan?Key=QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan&rand=13InboxLightaspxn_QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan_T0hBa1lCWk91VHVGcWFu-&2b31ffdb653eef0883909765127e46796afabc1e4a706b2f3a74bcdef0616342 (HTTP 301 redirect to the next URL)
- https://kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/?Key=QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan&rand=13InboxLightaspxn_QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan_T0hBa1lCWk91VHVGcWFu-&2b31ffdb653eef0883909765127e46796afabc1e4a706b2f3a74bcdef0616342 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | kanbloggawse.gb.net/fdsa/ | 1 KB | 1 KB | Document | text/html | Cookie set |
| GET | H/1.1 | / | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/ | 36 KB | 37 KB | Document | text/html | Primary Request, Redirect Chain |
| GET | H/1.1 | app.min.css | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/css/ | 29 KB | 29 KB | Stylesheet | text/css | |
| GET | H/1.1 | app-blessed1.min.css | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/css/ | 347 KB | 347 KB | Stylesheet | text/css | |
| GET | H/1.1 | nprogress.css | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/css/ | 601 B | 842 B | Stylesheet | text/css | |
| GET | H/1.1 | cookies_styles.css | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/css/ | 5 KB | 6 KB | Stylesheet | text/css | |
| GET | H/1.1 | bt-logo.png | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/images/ | 2 KB | 3 KB | Image | image/png | |
| GET | H/1.1 | search.svg | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/images/ | 1 KB | 2 KB | Image | image/svg+xml | |
| GET | H/1.1 | btb.global.nav.css | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/css/ | 14 KB | 15 KB | Stylesheet | text/css | |
| GET | H/1.1 | promo-My-Account-app-V2.png | kanbloggawse.gb.net/fdsa/QXNpYQ==09-03-202112-36-41pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aT0hBa1lCWk91VHVGcWFuVUVzPQ==UGFraXN0YW4=VUVzPQ==OHAkYBZOuTuFqan/images/ | 5 KB | 6 KB | Image | image/png | |
| GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 23 KB | Script | application/javascript | |
| GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 6 KB | Script | application/javascript | |
| GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 13 KB | Script | application/javascript | |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript | |
| GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 13 KB | Script | application/javascript | |
| GET | | newbt-webfont.woff | secure.business.bt.com/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | | | Failed (no response) |
| GET | | newbtbd-webfont.woff | secure.business.bt.com/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | | | Failed (no response) |
| GET | H/1.1 | newbt-webfont.woff | kanbloggawse.gb.net/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | Font | text/html | |
| GET | H/1.1 | btfont_lt-webfont.woff | kanbloggawse.gb.net/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | Font | text/html | |
| GET | H/1.1 | newbt-webfont.ttf | kanbloggawse.gb.net/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | Font | text/html | |
| GET | H/1.1 | btfont_lt-webfont.ttf | kanbloggawse.gb.net/Content/GroupsAndPermissions/assets/fonts/ | 0 | 0 | Font | text/html | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: secure.business.bt.com
  URL: https://secure.business.bt.com/Content/GroupsAndPermissions/assets/fonts/newbt-webfont.woff
- Domain: secure.business.bt.com
  URL: https://secure.business.bt.com/Content/GroupsAndPermissions/assets/fonts/newbtbd-webfont.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against BT (Telecommunication)

13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | $ |
| function | jQuery |
| function | Popper |
| object | bootstrap |
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name / Value |
|---|---|---|
| kanbloggawse.gb.net/ | | Name: PHPSESSID, Value: daaa9702f289f27eb235e8a1ceb7b30a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.